SGX For Linux — Intel Open Sources A Tool To Protect Your Code And Data

Short Bytes: As promised, Intel has open sourced an early version of its SGX tool for Linux. Intel SGX is a set of instructions that create a private region for sensitive code and data. This enclave is inaccessible even to software running on the machine with root privileges. At the moment, this release only supports the 64-bit version of Ubuntu 14.04 LTS.

Intel’s SGX technology gives programmers the power to protect their code and lock data inside CPU-enforced containers. This preserves the confidentiality of sensitive information and equips software makers to deliver applications and updates more safely.

Interestingly, when SGX is in use on a machine, enclave code and data are put behind a curtain that can’t be accessed even by processes running with root permissions. According to Intel: “At its root, Intel SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.”

In April of this year, Intel promised to open source its SGX technology for Linux. Now, making good on that promise, Intel has released the code on GitHub.

The Linux SGX implementation includes the SGX Platform Software, SGX driver, and the SGX SDK. The Intel SGX SDK is basically a collection of APIs, documentation, sample source code, tools, and libraries. Using them, a developer can create and play with SGX-enabled programs written in C/C++.

At the moment, this release is at a very early stage and supports only the 64-bit version of Ubuntu 14.04 LTS. The hardware requirements include a 6th Generation Intel Core processor with an SGX-enabled BIOS.

Apart from its benefits, Intel SGX is attracting criticism due to the way it obtains certificates. Still, it’s an interesting technology that I would like to follow (and so should you).